System and method for securing multiple data segments having different lengths using pattern keys having multiple different strengths

ABSTRACT

A system and method for securing data and information is disclosed. Multiple cryptographic paradigms may be applied to multiple length data segments to encrypt such data to prevent unauthorized use. The system and method uses pattern keys. At least one pattern key uses a cryptographic paradigm different from the other pattern keys. Furthermore, each pattern key has a given key strength and at least one pattern keys key strength differs from the one or more other pattern keys used in the process. The pattern keys are applied to the data in accordance with a key pattern which defines the sequence that each pattern key is applied to the data. The length of each data segment may vary one from the other and such segment length is determined in accordance with the pattern key applied. In addition, the initial plaintext data may first be encrypted using a first password before the disclosed process is implemented

COPYRIGHT NOTICE

A portion of the disclosure of this patent document contains material that is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent files or records, but otherwise reserves all copyright rights whatsoever.

FIELD

This disclosure relates to information security, and more specifically to applied cryptography.

BACKGROUND

The use of electronic data and other information has become an integral part of daily life. Each day, more and more emails, electronic documents, personal information and other forms of electronic data are transmitted throughout the world by businesses and individuals alike. Accordingly, the need to secure such data from unauthorized use and viewing has also increased

Cryptography is the art and science of preparing, transmitting and reading messages in a form intended to prevent the message from being read by those not privy to secrets associated with the form. Cryptography is practiced in and widely appreciated for a wide array of applications, including gaming, computer security, healthcare information security, banking information security, military communications, mathematics, intellectual property protection and many others.

Public key cryptography provides the benefit of using a pair of related keys, including a private key that is typically a closely held secret, and a corresponding public key which may be widely revealed.

Public key digital signature schemes include methods for signing and verifying digital signatures. The signing method creates a data string called a “signature” that is associated with a digital message to bind the message to the signing entity's private key. The private key is associated with a corresponding public key, which the recipient of the message uses with a verification method to verify that the received message was, in fact, signed using the associated private key.

A public key encryption scheme includes methods for encrypting and decrypting plaintext into messages, in which a message encrypted with a party's public key can only be decrypted using the associated private key.

In the past, such prior art cryptography techniques encrypted data to make the data difficult, if not impossible, to decrypt. Such techniques were designed to prevent unauthorized review and/or use of the data by third parties. While such prior art cryptography techniques can, in fact, be very difficult to attack and bypass, such techniques remain vulnerable to attacks for several reasons.

Many prior art cryptography techniques use only a single data block or segment length when encrypting the data. Accordingly, a discernible pattern can be detected and such patterns aid in attacking and bypassing the benefits associated with using such cryptographic techniques. Still further, many prior art cryptography techniques use only a single key to encode all of the data. Accordingly, the use of a single key applied to all blocks or segments of data similarly provides the basis for finding a pattern that can be used to attack such cryptographic techniques.

Accordingly, there has been a long felt need for a new, improved and more robust cryptographic technique that can defeat well-known attacks on cryptographic methodologies. The currently disclosed technology readily satisfies this and other needs.

SUMMARY

Briefly, and in general terms, the disclosure is directed towards information security and establishing data integrity and non-repudiation. More particularly, the disclosure is directed towards securing data that is accomplished using multiple and variable data segment sizes or lengths. Still further, the disclosure is directed to securing data through the use of multiple pattern keys, each key having a different key strength and each key applied to one or more, but not all of the multiple data segments. The sequence for applying various pattern keys to the multiple data segments is identified by a key pattern. This results in a multi-standard, multi-segment paradigm.

In another embodiment, when a Public Key Infrastructure (PKI) paradigm is employed, the length of the data segment is determined based upon the PKI pattern key that is used. In this embodiment, various pattern key strengths are used (i.e., length of the pattern key) and the data segment length is determined in accordance with the PKI paradigm. A key pattern identifies the sequence that each pattern key is applied to each data segment.

In another embodiment, when a non-PKI pattern key is used, the length of the data segment is determined by a random number generated by a Random Number Generator, or other known means. The number indicates the length of the data segment. Thereafter, the pattern key is used to encrypt each data segment. Each such pattern key can have a different key strength from any other pattern key and each data segment length can vary independent of the pattern key lengths. A key pattern identifies the sequence that each pattern key is applied to each data segment. In addition, any cryptographic paradigm may be used in this embodiment.

In still another embodiment, a combination of the PKI paradigm determined data segment lengths and the random number data segment lengths may be used together in the cryptographic process. A key pattern identifies the sequence that each pattern key is applied to each data segment. Again, one or more cryptographic paradigms may be used herein.

In another embodiment, before the pattern keys are applied to the multiple data segments, all the plaintext data is first encrypted using an agreed upon password and cryptographic paradigm.

In still another embodiment, a plurality of cryptographic paradigms is used in combination so that pattern keys of different cryptographic paradigms can be applied to data segments of differing lengths.

Still further, another embodiment is directed to a system for securing data. The system includes a processor, a memory and a Random Number Generator (RNG). Using the processor, multiple pattern keys are applied to multiple data segments, in accordance with a key pattern, the key pattern identifies the sequence in which the keys are applied to encrypt the data segments. Both the pattern keys and the data segments are of varying lengths. The length of the data segment is defined either by the PKI pattern key itself or using a random number generated by the RNG for non-PKI pattern keys. As a result, the system generates a secure, encrypted message from the plaintext data as a result of the application of the multi-standard, multi-segment process.

Another embodiment is directed to a system for decrypting the encrypted data to return the original plaintext data. The system includes a processor, a memory and a Random Number Generator (RNG). Using the processor, multiple pattern keys are applied to multiple data segments, in accordance with a key pattern. Both the pattern keys and the data segments are of variable lengths. The length of the data segment is defined either by the PKI pattern key itself or using the random number generated by the RNG during the encryption process. As a result of applying the proper pattern keys to the corresponding data segments, the pattern keys can be used to decrypt the message back into the plaintext form.

And in yet another embodiment, a method for decrypting the encrypted data is disclosed. Multiple pattern keys are applied to multiple data segments, in accordance with a key pattern. Both the pattern keys and the data segments are of variable lengths. The length of the data segment is defined either by the PKI pattern key itself or using the random number generated by the RNG during the encryption process. As a result of applying the proper pattern keys to the corresponding data segments, the pattern keys can be used to decrypt the message back into the plaintext form.

For each of the decryption system and method embodiments, in the event the original plaintext message was first encrypted by a password before the pattern key encryption process began, (performed to create a one time pad of the data for enhanced security) once decryption of the data segments is complete, the password is then applied to finally return the data to its original plaintext form.

Of course, one of ordinary skill in the art will appreciate that the above system and method need not be limited to any particular environment, system or cryptographic techniques. Any system and method capable of processing the data integrity and non-repudiation routines on any data, software or information may be used. Furthermore, the system and methods may transmit the authenticated data, information and/or software to any type of device, e.g., computers, networks, mobile devices. Laptops, tablets and the like.

Other features will become apparent from the following detailed description, taken in conjunction with the accompanying drawings, which illustrate by way of example, the features of the various embodiments.

BRIEF DESCRIPTION OF THE DRAWING

FIG. 1 is a general block diagram of an encryption/decryption system that may be used in association with a method of establishing data integrity and non-repudiation;

FIG. 2 is a logic flow diagram of a method of establishing data integrity and non-repudiation using an encryption process; and

FIG. 3 is a logic flow diagram of a method of establishing data integrity and non-repudiation using a decryption process.

DETAILED DESCRIPTION

Protecting information security is critical in today's information intensive society. Verifying the accuracy of information to provide trustworthiness is essential. In many different environments, sensitive data and information is transmitted from one location to another. The receiving party must be able to verify the authenticity of the information and the sender must be able to rely upon the information being transmitted securely.

Accordingly, this disclosure is directed towards information security and establishing data integrity and non-repudiation. More particularly, the disclosure is directed towards securing data that is accomplished by using multiple and variable data segment lengths. Still further, the disclosure is directed to securing data through the use of multiple pattern keys, each key having a different key strength and each key applied to one or more, but not all of the varying length data segments. A key pattern is used to define and/or identify the sequence that each pattern key is applied to each data segment. It will be appreciated that the key pattern can be any form of indicia so long as the parties and the cryptographic system and method disclosed herein can use such indicia to determine the sequence of pattern key application to each data segment.

One of ordinary skill in the art will appreciate that the methods, functionality and features described herein may be embodied in whole or in part in software which operates on a standalone, server, or a distributed system and may be in the form of firmware, an application program, an applet, a plug-in, a COM object, a dynamic linked library, a script, one or more subroutines, or an operating system component or service.

Still further, one of ordinary skill in the art will appreciate that the disclosed cryptographic process may be used in the same manner as any other known cryptographic technique and applied accordingly. As used herein, “plaintext” refers generally to all information, data and any other content in its unencrypted form. As used herein, “message” is the encrypted faun of the plaintext.

In general, by way of example only and not by way of limitation, the disclosed cryptographic process will now be discussed in more detail.

Data is apportioned into segments of varying lengths. For example, 40 bits, 168 bits, 296 bits, 1960 bits, 16,296 bits, and the like. It should be appreciated that any length data segment may be used and the determination of data segment length may be done in a predetermined manner (PKI) or chosen randomly (RNG). Each data segment may be a different length or, alternatively, some, but not all data segments may be the same length as other data segments.

In accordance with a key pattern, which defines a sequence, two or more pattern keys are applied to the data segments. More particularly, pattern key 1 may be applied to data segment 1, pattern key 2 to data segment 2, pattern key 3 to data segment 3, and . . . pattern key n to data segment n. It will be appreciated that one or more pattern keys, 1-n, may be applied to one or more data segments, 1-n. In general, each pattern key, 1-n, will have its own key length or strength. For example, pattern key 1 may be 128 bits, pattern key 2 may be 256 bits, pattern key 3 may be 2048 bits, and the like. However, one of ordinary skill in the art will appreciate that any key strength (number of bits) may be used for each pattern key and, further, that one or more pattern keys may each have the same key strength.

The reason for using pattern keys of different strength is to avoid patterns in the encrypted data. For example, a key strength of 2048 bit can encode approximately 600 bytes of data. If the same key strength is used again and again, then the same segment length or size (e.g., 600 bytes) of the data is used again and again. This presents a detectable pattern of data segment length. However, when various lengths of data segments are used along with various key strength (number of bits) there is no discernible pattern. Therefore, it becomes impossible to know (1) what data segment length was used, (2) what key length or strength was used and (3) which pattern key has been applied to which data segment. This sequence of how each pattern key is applied to each data segment (key pattern) acts as an additional security feature of the disclosed embodiments.

In short, by using different key strengths on different data segment lengths, there is nothing in the data to delineate each segment (e.g., segment 1 from segment 2) or the sequence in which each pattern key was applied to each data segment. Consequently, even if a third party acquires the pattern keys used in the cryptographic process, unless the sequence of how each pattern key is applied to each data segment is known, it is not possible to determine such sequence to decrypt the information.

In a preferred embodiment, the key strength is limited to 128 bits, 256 bits, 1024 bits and 2048 bits. This is done to enhance processing times when generating the encrypted output. However, it is to be understood that any key strength may be used without departing from the scope and spirit of this disclosure.

Still further, in another embodiment, different cryptographic paradigms may be used in addition to the various data segment lengths and/or pattern key strengths. By way of example only and not by way of limitation, one pattern key may use a Public Key Infrastructure (PKI), whereas another pattern key may be Blowfish, Elliptical Curve Cryptography (ECC), Pintsov-Vanstone Signature Scheme with Partial Message Recovery (PVSSR), Advance Encryption Standard (AES), Gamal, Data Encryption standard (DES), TripleDES, Rijndael, XMX, Serpent, Blowfish, Twofish, any combination of these standards, or the like. In other words, the disclosed cryptographic technique is not limited to the use of any one specific encryption paradigm. This provides enhanced flexibility and security capabilities.

Referring now to the drawings, wherein like references numerals denote like or corresponding parts throughout the drawings, and more particularly to FIG. 1, there is shown a general system 10 configured for use in performing the disclosed cryptographic process. The system 10 includes a processor 11 for operating on the data (e.g., encryption/decryption using various algorithms), a Random Number Generator (RNG) 12 for generating a random number (if applicable) for determining the length of a data segment, and a memory 13 for storing a pattern key algorithm table 14, the key pattern 17, and the data segment and its length 18, if necessary. Specifically, the memory 13 includes a table of pattern key algorithms 14 to be applied to the various data segments. This pattern key algorithm table 14 is determined and configured in advance by the parties before the cryptographic technology disclosed herein is first used. The table 14 includes the particular algorithms for each configuration of the system 10. That is, the pattern key algorithm table 14 includes the specific algorithm protocols and where in the algorithm table such algorithm(s) are located and called. Using the sequence defined by the key pattern 17, the processor 10 is configured to communicate with the memory 13 to access the one or more pattern key algorithms stored in the pattern key algorithm table 14. The processor 10 then applies each of the pattern keys to each of the various data segments to encrypt the data segments with the appropriate algorithm protocol associated with the pattern key.

As is discussed in greater detail below, the system 10 also may use the processor 11 to determine the length of the data segments 18. When a pattern key is applied, the processor first determines whether a PKI pattern key or non-PKI pattern key is active. If a non-PKI pattern key is active, then the processor 11 accesses the RNG 12 to generate a random number. This random number is used to set the length of the active data segment 18. This data segment length 18 is then stored in memory 13 so that it may be accessed later during the decryption process. If a PKI pattern key is active, then the length of the data segment 18 is predetermined by the PKI paradigm and need not be stored in the memory 13.

In summary, therefore, plaintext 15 is input into the system 10. Plaintext 15 may be input into the system 10 through any well-known mechanism or process. The processor 11 accesses the plaintext 15 and applies the cryptographic technique disclosed above to generate an encrypted version of the plaintext, i.e., a message 16. The message 16 may then be sent to one or more authorized recipients. The recipient, upon receipt of the encrypted message 16, can properly decrypt the message (as discussed in detail below) to return to the usable plaintext 15 form using the recipient's system 10.

One of ordinary skill in the art will appreciate that not all systems have all these components and may have other components in addition to, or in lieu of, those components mentioned here. Furthermore, while these components are viewed and described separately, various components may be integrated into a single unit in some embodiments.

By way of example and not by way of limitation, Table 1 illustrates one example of a pattern key algorithm table 14.

TABLE 1 Pattern Key Algorithms Key Length Password Index Standard Bits Byte Length 1 PKI 384 2 PKI 512 3 TripleDES 225 4 PKI 1024 5 AES 98 6 PKI 2048 7 Rijndael 90 8 PKI 4096 9 PKI 8192

As illustrated in Table 1, the pattern keys can be either a PKI pattern key or a non-PKI pattern key (i.e., using a non-PKI cryptographic paradigm). When a Public Key Infrastructure (PKI) paradigm is used by the system, the key strength (length or size of the key) of the PKI pattern key determines the size of the data segment to which the PKI pattern key is applied. This is a specific requirement of the PKI paradigm. Generally, as shown in Table 2, the data segment length is determined by dividing the key length (listed in bits) by 8 and then subtracting 11. This provides the length of the data segment in bytes. The PKI pattern key is then applied to this data segment, as discussed in more detail below.

TABLE 2 Given a PKI pattern key, the following Table displays relevant data segment lengths: Key Length Segment Length Segment Lengths (in bits) (Key length/8) − 11 (in bits) 128 5 40 256 21 168 384 37 296 512 53 424 1024 117 936 2048 245 1960 4096 501 4008 8192 1013 5104 16384 2037 16296

When other algorithms (non-PKI cryptographic paradigms) are used, the length of the data segments 18 are not limited or controlled by the pattern keys. In this embodiment, the length of the data segment 18 can be randomly chosen using a Random Number Generator (RNG) 12. The processor 11 takes a randomly generated number and creates a data segment 18 having a length corresponding to the random number. Generally, the length of the data segment 18 using the RNG 12 will be in the range of 96-512 bytes. However, it will be appreciated that any length data segment may be used herein. Furthermore, it will be appreciated that other methods may be used to determine the length of the data segment, in addition to or in lieu of the RNG 12 generating a random number. By way of example only, data segment lengths may be entered manually by a party, tied to another random process, agreed to in advance by the parties when the system is configured, or through use of another set pattern, or the like. All that is necessary is that the length of such data segment 18 is stored in memory 13 along with the data segment so that it may later be retrieve for proper decryption to occur. Once the data segment length 18 is determined in this embodiment, the pattern key algorithm is applied to the data segment to encrypt the data segment.

Accordingly, multiple data segments of different lengths are used with pattern keys of different strength (bit lengths). In addition, this technique enables the use of more than one cryptographic paradigm to be applied to one or more of the data segments and such application may be performed in any sequence. By way of example and not by way of limitation, each pattern key may use any of the PKI, PVSSR, ECC, AES, DES, TripleDES, Gamal, Rijndael, Twofish, Blowfish, XMX, Serpent, any combination thereof, or the like. In other words, the disclosed cryptographic technique is not limited to application of any one specific encryption paradigm or protocol.

In an alternative embodiment, all the Plaintext data is first encrypted using a single password, or other cryptographic paradigm. Thereafter, the process continues and applies the multiple pattern keys to the multiple data segments, as previously discussed. In this way, the system provides a One Time Pad to the encryption process. This One Time Pad (“OTP”) is performed to ensure that “holes” cannot be derived in any of the data in the event a given data segment is decrypted or broken by an unauthorized attack. By first encrypting all the data, if a hole is subsequently discovered by an attacker, it will not be possible for the attacker to determine the existence of such a hole. Without this step, if a hole is found in a broken data segment, the attacker may merely move through the data byte by byte until a subsequent hole in the data is located. Although a painstaking process, moving through the data in this manner may aid the attacker in his illicit attempt to decrypt the data. By first encrypting the data before applying the cryptographic techniques of the current disclosure, the attacker will not know that a hole has been located in the first instance.

As discussed above, which pattern keys are applied to which data segments is determined by the key pattern. This key pattern is agreed to amongst the parties using the cryptographic process in advance of using the cryptographic process. Using pattern keys, the key pattern defines which algorithm in the pattern key algorithm table is applied to each data segment. In addition, the key pattern is used to inform the recipient of the encrypted message whether the entire Plaintext data has first been encrypted, and if so, which algorithm was used to create the password.

By way of example, and not by way of limitation, a sample key pattern is 3.1254. This number represents the sequence of how each pattern key (and its associated cryptographic algorithm) is applied to each data segment during the encryption process. The first number (or any other symbol, indicia or phrase) located in front of the “.” indicates that the entire plaintext data is first encrypted. In this example, the “3” digit indicates that the plaintext is first encrypted using algorithm 3 from the pattern key algorithm table to create a password. Thereafter, the “1” following the “.” indicates that algorithm 1 (e.g., the first algorithm stored in the table and called from that location) is used to encrypt the first data segment. Next, the “2” indicates that algorithm 2 (e.g., the second algorithm in the pattern key algorithm table and called from that location) is used to encrypt the next data segment. This continues until all the designated algorithms have been applied to the multiple data segments. At the end of the key pattern, e.g., digit “4” in the above example, the cycle repeats by returning to the beginning digit following the “.” of the key pattern until all data segments have been processed. In a preferred embodiment, at least five pattern keys are used; however, one of ordinary skill in the art will appreciate that any number of keys 2-n may be used herein.

Once all the plaintext has been encrypted, the encrypted plaintext (message) is sent to an authorized recipient using any well-known technique, including, but not limited to email, network transmission, wireless transmission, portable data storage, or the like. Since the pattern key algorithm table and the key pattern was previously configured by the parties before the application of the cryptographic process, the receiving party simply uses the key pattern to apply the decryption protocol for each pattern key algorithm as it has been applied to each data segment during encryption. It is noted that in some embodiments, the key pattern also may be sent to the recipient, but generally this is not done to best preserve the sequence of the encryption process. Finally, if the plaintext data was initially encrypted with a password before the pattern key cryptography began, the first number located before the “.” will so indicate to the receiving party so that a final decryption process may be completed to retrieve the original, unencrypted plaintext.

Referring again to the drawings, and more particularly to FIG. 2, there is shown one embodiment of the encryption process.

Beginning at Step 201, the parties to the cryptographic transaction configure the system 10. At Step 202, the parties store in the memory 13 (referring to FIG. 1), and more particularly in the pattern key algorithm table 14, the appropriate keys (and their associated cryptographic paradigms) that will be used in the encryption process. Next, at Step 203, the key pattern is input to the system 10. At Step 204, the plaintext is input to the system 10. It will be appreciated that the pattern key algorithms, the plaintext, and the key pattern can be input to the system 10 through any known input device, including but not limited to a keyboard that is in communication with the system 10, any method of data transmission, e.g., network, wireless, or optical, use of a data file with an input port, any portable data storage device, or the like.

After all the pattern keys, key pattern and plaintext are input into the system 10, the processor 11 operates upon the plaintext data to encrypt the plaintext into an encrypted message.

Optionally, at Step 205, all the plaintext may first be encrypted with a password. The password is determined by the parties during the configuration phase of the system 10. As discussed above, this Step 205 is used to prevent an attacker from discovering any useful information should a broken segment be discovered by the attacker. Thereafter, the process continues to Step 206 where the system 10 is initialized. The variable “n” is reset to zero. The variable, n, corresponds to digit placement within the key pattern. By resetting n to zero, the encryption process begins at the start of the key pattern, i.e., the first digit of the key pattern.

At Step 207, the process determines whether all the data segments have been encrypted. If true is returned, the process continues at Step 208 and the encrypted data is stored in the memory 13 and/or output as a message. The message may then be transmitted to appropriate recipients of the message for subsequent decryption of the message and use of the resultant plaintext.

If some data remains to be encrypted, then the process continues and cycles through the data segments in a round robin fashion. At Step 209, the process determines if “n” is greater than the length of the key pattern. If n is greater than the length of the key pattern, then “n” is reset to zero, Step 210. This Step 210 is performed to enable the key pattern to be repeated as many times as is necessary to encrypt all the data. If n is not greater than the length of the key pattern, then at Step 211, the process acquires the appropriate pattern key from the list of pattern keys corresponding to the active key pattern number.

Once the selected pattern key is acquired, the process continues to Step 212 to obtain the appropriate data segment length corresponding to the selected key criteria. Recall, when using PKI, the key length of the PKI pattern key determines the length of the data segment. However, if the PKI paradigm is not being used with the active pattern key, then the length of the data segment is determined by a random number generated by an RNG 12.

Following Step 212, the process continues at Step 213 to shift the data index by the length of the current data segment. This Step 213 captures the next appropriate data segment (of a specified length) for encryption with the active pattern key. Then, at Step 214, the data segment is encrypted using the active pattern key.

Thereafter, the process continues at Step 215 where the process determines whether the pattern key is a length determined key. This Step 215 is performed when the RNG has generated the random number that determines the length of the data segment. The random length of the data segment must be included in the data stream or else the recipient cannot properly decrypt the message. The recipient would not be able to determine the length of the data segment and this would destroy the continuity of the data set. Therefore, if Step 215 returns true, then the process continues to Step 216 and the length of the encrypted data segment is stored in the data stream and the memory 13. Along with this data segment length, the encrypted data segment is then stored in memory, Step 217. If Step 215 returns false, i.e., the key is not a length derived key, then only the encrypted data segment is stored in memory, Step 217. This is because the PKI pattern key determines the length of the data segment, as previously discussed.

After storing the encrypted data segment, n is incremented so that the next pattern key in the key pattern can be obtained, Step 218. The cryptographic process continues to cycle until all the data has been encrypted by returning to Step 207.

Once an authorized recipient receives the encrypted message, the message must be decrypted to return the data to its original plaintext form. The recipient uses a system 10, such as that described in FIG. 1 above, to perform the decryption process. However, one of ordinary skill in the art will appreciate that variations of the system 10 may be used by each of the parties herein to encrypt and/or decrypt the information and, accordingly, none of the parties are required to use the same system as any other party.

By way of example only, and referring back to FIG. 1, there is shown one embodiment of the system 10 used to decrypt the message 16. The message 16 is input to system 10 and stored in the memory 13. Thereafter, the processor 11 accesses each data segment of the message from the memory 13 to decrypt the message by applying the appropriate pattern key, as defined by the key pattern 17. Recall, each data segment has a segment length 18 that may vary one from the other. The processor 11 accesses the pattern key for each data segment to determine the length of each data segment. If a PKI pattern key was used during encryption, the processor 11 knows the length of the data segment. In the event the data segment was encrypted with a non-PKI pattern key, the processor 11 must then access the memory 13 to acquire the determined length of this particular data segment. Recall that during encryption of the data segment, when a non-PKI pattern key was used, an RNG 12 generated a random number and this random number was used to determine the length of the data segment 18. Once the processor 11 has this information, the processor proceeds to decrypt the data segment using the proper data segment length 18 and proper pattern key. Continuing, the processor 11 accesses the next data segment and applies the next appropriate pattern key (in accordance with the key pattern 17). The system 10 continues this process until all the data segments have been properly decrypted using the pattern keys.

If the event the plaintext data was first encrypted by a password before the pattern key encryption process began, the processor 11 will access the key pattern from memory 13 to determine the proper password or cryptographic paradigm to apply to the data segments to complete the decryption process. At this point, the system 10 will have decrypted the message 16 to return to the original plaintext 15.

More particularly, and referring now to FIG. 3, there is shown another embodiment of a decryption process. Beginning at Step 301, the process first obtains the encrypted message. This message is input into the system 10 (referring to FIG. 1) using any well-known technique, including, but not limited to network transmissions, email, wireless transmission, portable data storage, and the like. Thereafter, the processor 11 operates on the message to apply the proper key pattern and associated decryption paradigms (pattern keys) to the message. The pattern keys and the sequence of their application to the data segments, i.e., the key pattern, are acquired at Steps 302 and 303, respectively. Recall, that the pattern keys and the key pattern have previously been determined and agreed to by the parties to the transaction when the system 10 was initially configured for use with the disclosed cryptographic technique. The process continues by initializing the system 10 and setting n to zero, Step 304. By setting n to zero, the process can begin with the first digit of the key pattern.

The process continues at Step 305 to determine if all the data has been decrypted. If Step 305 returns true, then, at Step 306, if the original plaintext data has been first encrypted as a whole (Step 205 in FIG. 2) then the appropriate decryption process is applied to return the message to its original plaintext form. The recipient may then use the plaintext according to his/her needs after any required clean-up of the data, Step 307. If the optional OTP was not performed (again Step 205 in FIG. 2), then Step 306 is omitted. If Step 305 returns false, then the process continues to Step 308 to determine whether or not the end of the key pattern has been reached. If n is greater than the length of the key pattern, then n is reset to zero to enable the key pattern to repeat from the beginning of the key pattern, step 309. If n is less than the length of the key pattern, then the process continues at Step 310.

At Step 310, the process acquires the appropriate pattern key from the list of pattern keys corresponding to the active pattern key digit. Again, these pattern keys are stored in the pattern key algorithm memory 14 of the memory 13. Next, the process at Step 311 determines if this is a PKI pattern key or a non-PKI pattern key. If a non-PKI pattern key is active, then the process must first obtain the length of the data segment that was determined by the RNG during the encryption process. As such, the process continues to Step 312 to retrieve the length of the encrypted data segment. If, however, in Step 311 the pattern key is not a length derived key using the RNG, then the appropriate length of the data segment for use with the active PKI pattern key is already known based upon the PKI paradigm.

At Step 313, the appropriate length of the encrypted data segment is acquired, whether it is determined by the RNG or the PKI paradigm. The data index is then shifted by the appropriate data segment length in Step 314. Thereafter, the appropriate key is applied to the corresponding encrypted data segment to decrypt the data segment, Step 315.

The process then continues at Step 316 so that the decrypted data segment is stored in memory. At Step 317, n is incremented to the next digit of the key pattern for selecting the next appropriate pattern key. Consequently, the decryption process continues to cycle in a round robin fashion (i.e., back to Step 305) until all the data has been decrypted and returned to the original plaintext form.

Continuing, by way of example only, and not by way of limitation, the following is one implementation of the disclosed cryptographic process, as applied to the following plaintext:

Alice has a secret family recipe (plaintext) that she wishes to send to Bob. Using the disclosed cryptographic process, Alice encrypts the recipe (creating a message). In order for this to process to operate properly, Alice and Bob must each have access to the same set of pattern keys, and the sequence the pattern keys are used, key pattern.

For the purposes of this example only, and not by way of limitation, the following pattern keys are used:

1 384 bit PKI

2 512 bit PKI

3 TripleDES based password from 64 to 256 characters long

4 1024 bit PKI

5 AES based password from 96 to 128 characters long

6 2048 bit PKI

7 Rijndael based password from 64 to 256 characters long

8 4096 bit PKI

9 8192 bit PKI

Alice and Bob have agreed to initially obfuscate the data with a One Time Pad (OTP) based on the phrase ‘testphrase’ using the ______ cryptographic paradigm. They have also agreed to use a key pattern of 12345 (any pattern here would work as long as it is based on the agreed upon key set). The following pattern is thus used to encrypt/decrypt the data segments:

-   -   1 For encryption, (since they agree to an initial pass) the         entire data stream is encrypted with an OTP based on their         agreed phrase using ______ paradigm.     -   2 The first data segment uses the 384 bit PKI to encrypt a data         segment that is 37 bytes long (the length of the data segment         being determined by the PKI key requirements, as discussed         above).     -   3 The second data segment uses the 384 bit PKI 512 to encrypt         the next data segment that is also 37 bytes long (again, as         determined by the PKI key requirements).     -   4 The third data segment uses the password data that is n bytes         long (as determined by the random number generator, as discussed         above)     -   5 The fourth data segment uses the 1024 bit PKI to encrypt the         data segment that is 37 bytes long (as determined by the PKI key         requirements)     -   6 The fifth data segment uses the password data n bytes long (as         determined by the random number generator)     -   7 At this point in the process, the pattern key is exhausted and         the process returns to the first key and in a round robin         fashion the process cycles again until all the data is encrypted         or decrypted.     -   8 For decryption, (since Alice and Bob agree to an initial OTP         pass through the plaintext) the entire data stream is decrypted         with the OTP based on Alice and Bob's agreed to phrase and the         associated cryptographic paradigm.

Applying the above to the recipe (plaintext), the following resultant encrypted message is created, as illustrated in Table 3:

Embodiments described herein involve combinations of method steps and system elements. These steps and elements may be combined in a plurality of ways to accomplish the same goals. One of ordinary skill in the art will appreciate that not all embodiments have all these components and each may have other components in addition to, or in lieu of, those components mentioned herein. Furthermore, while these components are viewed and described separately, various components may be integrated into a single unit in some embodiments.

The various embodiments described above are provided by way of illustration only and should not be construed to limit the claimed invention. Those skilled in the art will readily recognize various modifications and changes that may be made to the claimed invention without following the example embodiments and applications illustrated and described herein, and without departing from the true spirit and scope of the claimed invention, which is set forth in the following claims. 

What is claimed:
 1. A method for securing data, comprising: apportioning data into multiple data segments, using a processor, at least one or more of the data segments having a segment length different than the other data segments; and applying a pattern key from a plurality of pattern keys, using the processor, to each of the one or more data segments to encrypt the data segment, wherein each pattern key has a key strength; and wherein the key strength of at least one pattern key differs from that of the other pattern keys.
 2. The method of claim 1, wherein the pattern keys apply cryptographic paradigms chosen from the group consisting of: PKI, PVSSR, Blowfish, ECC, AES, Gamal, DES, TripleDES, Rijndael, XMX, Serpent, Blowfish, and Twofish.
 3. The method of claim 1, further comprises accessing a Random Number Generator, the Random Number Generator generating a random number, wherein the random number is used by the processor to determine the length of the data segment.
 4. The method of claim 3, further including storing the length of the data segments determined based upon the random number.
 5. The method of claim 4, further including accessing the stored lengths of the data segments during a decryption process.
 6. A method for securing information, comprising: applying a PKI pattern key from a plurality of PKI pattern keys to each of one or more data segments to encrypt the data segments, using a processor, the PKI pattern key having a key strength, wherein the key strength of at least one PKI pattern key differs from that of the other PKI pattern keys in the plurality of pattern keys; and determining, using the processor a length of the data segments as each PKI pattern key is applied to each of the one or more data segments based upon the key strength of the PKI pattern key, and wherein at least one or more of the data segments has a segment length different from the other data segments.
 7. A method for securing data, comprising: applying, using a processor, a pattern key from a plurality of pattern keys to a data segment to encrypt the data segment, each pattern key having a key strength, and wherein the key strength of at least one of the pattern keys differs from that of the other pattern keys; determining, using the processor, if the pattern key uses a PKI paradigm; if the pattern key uses the PKI paradigm, determining, using the processor, a length of the data segment based upon the applied PKI pattern key, wherein at least one of the data segments has a segment length that differs from the one or more other data segments; and if the pattern key uses a cryptographic paradigm other than PKI, determining, using the processor, the length of the data segment using a randomly determined number, and wherein at least one of the data segments has a segment length that differs from one or more other data segments.
 8. The method of claim 7, wherein the non-PKI pattern keys apply cryptographic paradigms chosen from the group consisting of: PVSSR, Blowfish, ECC, AES, Gamal, DES, TripleDES, Rijndael, XMX, Serpent, Blowfish, and Twofish.
 9. The method of claim 7, further comprises accessing a Random Number Generator, the Random Number Generator generating a random number, wherein the random number is used by the processor to determine the length of one or more of the data segments.
 10. The method of claim 9, further including storing the length of the data segments determined based upon the random number.
 11. The method of claim 10, further including accessing the stored lengths of the data segments during a decryption process.
 12. A method for securing data, comprising: apportioning data into multiple data segments, using a processor, at least one or more of the data segments having a segment length different than the other data segments; and using the processor to apply a pattern key from a plurality of pattern keys, in accordance with a key pattern, to each of the one or more data segments to encrypt the data segment, wherein each pattern key has a key strength; and wherein the key strength of at least one pattern key differs from that of the other pattern keys.
 13. The method of claim 12, wherein the pattern keys apply cryptographic paradigms chosen from the group consisting of PKI, PVSSR, Blowfish, ECC, AES, Gamal, DES, TripleDES, Rijndael, XMX, Serpent, Blowfish, and Twofish
 14. The method of claim 12, further comprises accessing a Random Number Generator, the Random Number Generator generating a random number, wherein the random number is used by the processor to determine the length of one or more of the data segments.
 15. The method of claim 13, further including storing the length of the data segments determined based upon the random number.
 16. The method of claim 14, further including accessing the stored lengths of the data segments during a decryption process.
 17. A method for securing information, comprising: using a processor to apply a PKI pattern key from a plurality of PKI pattern keys, in accordance with a key pattern, to each of one or more data segments to encrypt the data segments, the PKI pattern key having a key strength, wherein the key strength of at least one PKI pattern key differs from that of the other PKI pattern keys in the plurality of pattern keys; and using the processor to determine a length of the data segments as each PKI pattern key is applied to each of the one or more data segments based upon the key strength of the PKI pattern key, and wherein at least one or more of the data segments has a segment length different from the other data segments.
 18. A method for securing data, comprising: using a processor to apply a pattern key from a plurality of pattern keys, in accordance with a key pattern, to a data segment to encrypt the data segment, each pattern key having a key strength, and wherein the key strength of at least one of the pattern keys differs from that of the other pattern keys; using the processor to determine if the pattern key uses a PKI paradigm; if the pattern key uses the PKI paradigm, using the processor to determine a length of the data segment based upon the applied PKI pattern key, wherein at least one of the data segments has a segment length that differs from the one or more other data segments; and if the pattern key uses a cryptographic paradigm other than PKI, using the processor to determine the length of the data segment using a randomly determined number, and wherein at least one of the data segments has a segment length that differs from the one or more other data segments.
 19. The method of claim 18, wherein the non-PKI pattern keys apply cryptographic paradigms chosen from the group consisting of: PVSSR, Blowfish, ECC, AES, Gamal, DES, TripleDES, Rijndael, XMX, Serpent, Blowfish, and Twofish
 20. The method of claim 18, further comprises accessing a Random Number Generator, the Random Number Generator generating a random number, wherein the random number is used by the processor to determine the length of one or more of the data segments.
 21. The method of claim 20, further including storing the length of the data segments determined based upon the random number.
 22. The method of claim 21, further including accessing the stored lengths of the data segments during a decryption process.
 23. A method of encrypting data, comprising: receiving plaintext data; using a processor to access a key pattern, the key pattern identifying the sequence for applying a plurality of pattern keys to the plaintext data to encrypt the plaintext data, each pattern key having a key strength, and wherein the key strength of at least one of the pattern keys differs from the key strength of the other pattern keys; using the processor to apportion the plaintext data into data segments, one or more of the data segments having a segment length that is different from the one or more other data segments, and wherein the length of each data segment is determined by which pattern key is applied to the data segment; and using the processor to continue to apply the pattern keys to the data segments in accordance with the key pattern until all the plaintext data has been encrypted.
 24. The method of claim 23, wherein the plaintext data is initially encrypted using a first password.
 25. A method for securing data, comprising: receiving plaintext data; encrypting the entire received set of plaintext data using a first password and a processor to generate a first encrypted data; using the processor to apply a pattern key from a plurality of pattern keys, in accordance with a key pattern, to a data segment of the first encrypted data, each pattern key having a key strength and wherein the key strength of at least one of the pattern keys differs from the key strength of the other pattern keys; determining, using the processor, if the pattern key uses a PKI paradigm; if the pattern key uses the PKI paradigm, using the processor to determine the length of the data segment based upon the applied PKI pattern key, wherein the length of each data segment is determined by which pattern key is applied to the data segment, and wherein one or more of the data segments has a segment length that is different from one or more other data segments; if the pattern key uses a cryptographic paradigm other than PKI, using the processor to determine the length of the data segment using a randomly determined number, and wherein one or more of the data segments has a segment length that is different from one or more other data segments; and using the processor to continue to apply the pattern keys, in accordance with the key pattern, until all the first encrypted data has been further encrypted.
 26. A method of encrypting data, comprising: receiving plaintext data; encrypting the entire received set of plaintext data using a first password and a processor to generate a first encrypted message; using the processor to access a key pattern, the key pattern identifying the sequence for applying a plurality of pattern keys to the first encrypted message, each pattern key having a key strength, and wherein at least one of the pattern keys key strength differs from that of the other pattern keys; apportioning the first encrypted message into data segments, using the processor, one or more of the data segments having a segment length that is different from one or more other data segments, and wherein the length of each data segment is determined by which pattern key is applied to the data segment; and continuing to apply the pattern keys to the data segments, in accordance with the key pattern, until the first encrypted message has been further encrypted using the pattern keys.
 27. A method for decrypting encrypted data, comprising: receiving encrypted data, the encrypted data including multiple data segments; using a processor to apply a key pattern identifying the sequence by which a plurality of pattern keys are applied to the multiple data segments to decrypt the data segments, the pattern keys each having a key strength, and wherein the key strength of at least one pattern key differs from one or more of the other pattern keys, and wherein the data segments each have a segment length, the segment length of at least one data segment differing from that of the one or more other data segments; and using the processor to continue to apply the pattern keys to the encrypted data segments, in accordance with the key pattern, until all the encrypted data has been decrypted.
 28. The method of claim 27, further including using the processor to further decrypt the resultant decrypted output using a password that was initially applied to the data before an initial encryption process began.
 29. A system for securing information, comprising: a memory, the memory storing plaintext data, a plurality of pattern keys, and a key pattern; a processor, the processor in communication with the memory to form circuits and software for: (a) accessing the key pattern, the key pattern identifying the sequence for applying the plurality of pattern keys to the plaintext data to encrypt the plaintext data, each pattern key having a key strength, and wherein the key strength of at least one of the pattern keys differs from the key strength of the other pattern keys; (b) apportioning the plaintext data into data segments, one or more of the data segments having a segment length that is different from the one or more other data segments, and wherein the length of each data segment is determined by the pattern key that is applied to the data segment; (c) applying the pattern keys to the data segments to encrypt the data segments; and (d) continuing to apply the pattern keys to the data segments, in accordance with the key pattern, until all the plaintext data has been encrypted.
 30. The system of claim 29, wherein the pattern key is a cryptographic paradigm chosen from the group consisting of: list crypto techniques.
 31. The system of claim 29 wherein a first password is used to initially encrypt all of the plaintext data before an initial encryption process began.
 32. A system for securing information, comprising: a memory, the memory storing plaintext data, a plurality of pattern keys, and a key pattern; a Random Number Generator (RNG) for generating a random number; a processor, the processor in communication with the memory and the RNG to form circuits and software for: (a) applying the pattern keys from the plurality of pattern keys, in accordance with the key pattern, to a data segment of the plaintext data to encrypt the data segment, each pattern key having a key strength, and wherein the key strength of at least one of the pattern keys differs from the key strength of the other pattern keys; (b) determining if the pattern key uses a PKI paradigm; (1) if the pattern key uses the PKI paradigm, determining the length of the data segment based upon the applied PKI pattern key, wherein one or more of the data segments has a segment length that is different from one or more other data segments; (2) if the pattern key uses a cryptographic paradigm other than PKI, determining the length of the data segment using the randomly determined number generated by the RNG, wherein one or more of the data segments has a segment length that is different from one or more other data segments; (c) applying the pattern keys to the one or more data segments to encrypt the plaintext data; and (d) continuing a-c until all the plaintext data has been encrypted.
 33. The system of claim 32, wherein the pattern key is a cryptographic paradigm chosen from the group consisting of: list crypto techniques.
 34. The system of claim 32 wherein a first password is used to initially encrypt all of the plaintext data before an initial encryption process began.
 35. A system for decrypting data, comprising: a Random Number Generator (RNG); a memory, the memory storing an encrypted message, a plurality of pattern keys, a key pattern, and the length of a data segment if such segment length was determined using the RNG random number; a processor, the processor in communication with the memory and the RNG to form circuits and software for: (a) applying the pattern keys from the plurality of pattern keys, in accordance with the key pattern, to a data segment of the encrypted message to decrypt the data segment, each pattern key having a key strength, and wherein the key strength of at least one of the pattern keys differs from the key strength of the other pattern keys; (b) determining if the pattern key uses a PKI paradigm; (1) if the pattern key uses the PKI paradigm, determining the length of the data segment based upon the applied PKI pattern key, wherein one or more of the data segments has a segment length that is different from one or more other data segments; (2) if the pattern key uses a cryptographic paradigm other than PKI, determining the length of the data segment using the randomly determined number generated by the RNG, wherein one or more of the data segments has a segment length that is different from one or more other data segments; (c) decrypting the data segments using the pattern keys, in accordance with the key pattern; and (d) continuing a-c until all data segments of the encrypted message have been decrypted.
 36. The system of claim 35, wherein the pattern key is a cryptographic paradigm chosen from the group consisting of: PKI, PVSSR, Blowfish, ECC, AES, Gamal, DES, TripleDES, Rijndael, XMX, Serpent, Blowfish, and Twofish.
 37. The system of claim 35, wherein the resultant decrypted data is further decrypted using a first password that was applied before an initial encryption process began. 